<?php
$loggedin = 0; 		//global variable for if the user is logged in
$first_name = ""; 	//global variable for the users first name, should always check loggedin first before accessing
$last_name = ""; 	//global variable for the users last name, should always check loggedin first before accessing
$email = ""; 		//global variable for the users email, should always check loggedin first before accessing


if (!empty($_SESSION["user_id"]) && !empty($_SESSION["user_password"]))
{
	$temp = $_SESSION["user_id"];
	$safe_temp=mysql_real_escape_string($temp);	//must always escape characters before calling a sql statement from user input
	$result = mysql_query("SELECT * FROM user WHERE user_id='$safe_temp' ");
	$rowh = mysql_fetch_array($result);
	if ($rowh["user_password"]==$_SESSION["user_password"])
	{
		$loggedin=1;
		$first_name=$rowh["user_first_name"];
		$last_name=$rowh["user_last_name"];
		$email=$rowh["user_email"];
	}
}

?>
